Multiple vulnerabilities in Siemens SIMATIC, SIMOTION, and SINUMERIK



Published: 2018-03-02 | Updated: 2018-03-02
Risk High
Patch available NO
Number of vulnerabilities 8
CVE-ID CVE-2017-5712
CVE-2017-5705
CVE-2017-5706
CVE-2017-5707
CVE-2017-5711
CVE-2017-5708
CVE-2017-5709
CVE-2017-5710
CWE-ID CWE-120
CWE-200
Exploitation vector Network
Public exploit N/A
Vulnerable software
SIMOTION P320-4S
Server applications / SCADA systems

SINUMERIK PCU50.5-P
Server applications / SCADA systems

WINXP
Server applications / SCADA systems

WIN7
Server applications / SCADA systems

SINUMERIK PCU50.5-C
Server applications / SCADA systems

SIMATIC ITP1000
Server applications / SCADA systems

SIMATIC IPC847D
Server applications / SCADA systems

SIMATIC IPC847C
Server applications / SCADA systems

SIMATIC IPC827D
Server applications / SCADA systems

SIMATIC IPC827C
Server applications / SCADA systems

SIMATIC IPC677D
Server applications / SCADA systems

SIMATIC IPC647D
Server applications / SCADA systems

SIMATIC IPC647C
Server applications / SCADA systems

SIMATIC IPC627D
Server applications / SCADA systems

SIMATIC IPC627C
Server applications / SCADA systems

SIMATIC IPC547G
Server applications / SCADA systems

SIMATIC IPC547E
Server applications / SCADA systems

SIMATIC IPC547D
Server applications / SCADA systems

SIMATIC IPC477E
Server applications / SCADA systems

SIMATIC IPC477D PRO
Server applications / SCADA systems

SIMATIC IPC477D
Server applications / SCADA systems

SIMATIC IPC427E
Server applications / SCADA systems

SIMATIC IPC427D
Server applications / SCADA systems

SIMATIC HMI IPC677C
Server applications / SCADA systems

SIMATIC Field-PG M5
Server applications / SCADA systems

SIMATIC Field-PG M4
Server applications / SCADA systems

SIMATIC Field-PG M3
Server applications / SCADA systems

Vendor Siemens

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Buffer overflow

EUVDB-ID: #VU9393

Risk: High

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]

CVE-ID: CVE-2017-5712

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote administrator to execute arbitrary code on the target system.

The weakness exists due to a buffer overflow in Active Management Technology (AMT). A remote attacker with access to the system can send a specially crafted request, trigger memory corruption, execute arbitrary code with AMT execution privileges and compromise the vulnerable system.

Mitigation

Workarounds are available on the vendor's website.

Vulnerable software versions

SIMOTION P320-4S: All versions

SINUMERIK PCU50.5-P: All versions

WINXP: All versions

WIN7: All versions

SINUMERIK PCU50.5-C: All versions

SIMATIC ITP1000: All versions

SIMATIC IPC847D: All versions

SIMATIC IPC847C: All versions

SIMATIC IPC827D: All versions

SIMATIC IPC827C: All versions

SIMATIC IPC677D: All versions

SIMATIC IPC647D: All versions

SIMATIC IPC647C: All versions

SIMATIC IPC627D: All versions

SIMATIC IPC627C: All versions

SIMATIC IPC547G: All versions

SIMATIC IPC547E: All versions

SIMATIC IPC547D: All versions

SIMATIC IPC477E: All versions

SIMATIC IPC477D PRO: All versions

SIMATIC IPC477D: All versions

SIMATIC IPC427E: All versions

SIMATIC IPC427D: All versions

SIMATIC HMI IPC677C: All versions

SIMATIC Field-PG M5: All versions

SIMATIC Field-PG M4: All versions

SIMATIC Field-PG M3: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can an attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU9390

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]

CVE-ID: CVE-2017-5705

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to multiple buffer overflows in the kernel. A local attacker can send a specially crafted request, trigger memory corruption, execute arbitrary code and compromise the vulnerable system.

Mitigation

Workarounds are available on the vendor's website.

Vulnerable software versions

SIMOTION P320-4S: All versions

SINUMERIK PCU50.5-P: All versions

WINXP: All versions

WIN7: All versions

SINUMERIK PCU50.5-C: All versions

SIMATIC ITP1000: All versions

SIMATIC IPC847D: All versions

SIMATIC IPC847C: All versions

SIMATIC IPC827D: All versions

SIMATIC IPC827C: All versions

SIMATIC IPC677D: All versions

SIMATIC IPC647D: All versions

SIMATIC IPC647C: All versions

SIMATIC IPC627D: All versions

SIMATIC IPC627C: All versions

SIMATIC IPC547G: All versions

SIMATIC IPC547E: All versions

SIMATIC IPC547D: All versions

SIMATIC IPC477E: All versions

SIMATIC IPC477D PRO: All versions

SIMATIC IPC477D: All versions

SIMATIC IPC427E: All versions

SIMATIC IPC427D: All versions

SIMATIC HMI IPC677C: All versions

SIMATIC Field-PG M5: All versions

SIMATIC Field-PG M4: All versions

SIMATIC Field-PG M3: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can an attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU9388

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]

CVE-ID: CVE-2017-5706

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to multiple buffer overflows in the kernel. A local attacker can send a specially crafted request, trigger memory corruption, execute arbitrary code and compromise the vulnerable system.

Mitigation

Workarounds are available on the vendor's website.

Vulnerable software versions

SIMOTION P320-4S: All versions

SINUMERIK PCU50.5-P: All versions

WINXP: All versions

WIN7: All versions

SINUMERIK PCU50.5-C: All versions

SIMATIC ITP1000: All versions

SIMATIC IPC847D: All versions

SIMATIC IPC847C: All versions

SIMATIC IPC827D: All versions

SIMATIC IPC827C: All versions

SIMATIC IPC677D: All versions

SIMATIC IPC647D: All versions

SIMATIC IPC647C: All versions

SIMATIC IPC627D: All versions

SIMATIC IPC627C: All versions

SIMATIC IPC547G: All versions

SIMATIC IPC547E: All versions

SIMATIC IPC547D: All versions

SIMATIC IPC477E: All versions

SIMATIC IPC477D PRO: All versions

SIMATIC IPC477D: All versions

SIMATIC IPC427E: All versions

SIMATIC IPC427D: All versions

SIMATIC HMI IPC677C: All versions

SIMATIC Field-PG M5: All versions

SIMATIC Field-PG M4: All versions

SIMATIC Field-PG M3: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can an attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Privilege escalation

EUVDB-ID: #VU10809

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]

CVE-ID: CVE-2017-5707

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges.

The vulnerability exists due to multiple buffer overflows in the kernel. A local attacker can execute arbitrary code with elevated privileges.

Mitigation

Workarounds are available on the vendor's website.

Vulnerable software versions

SIMOTION P320-4S: All versions

SINUMERIK PCU50.5-P: All versions

WINXP: All versions

WIN7: All versions

SINUMERIK PCU50.5-C: All versions

SIMATIC ITP1000: All versions

SIMATIC IPC847D: All versions

SIMATIC IPC847C: All versions

SIMATIC IPC827D: All versions

SIMATIC IPC827C: All versions

SIMATIC IPC677D: All versions

SIMATIC IPC647D: All versions

SIMATIC IPC647C: All versions

SIMATIC IPC627D: All versions

SIMATIC IPC627C: All versions

SIMATIC IPC547G: All versions

SIMATIC IPC547E: All versions

SIMATIC IPC547D: All versions

SIMATIC IPC477E: All versions

SIMATIC IPC477D PRO: All versions

SIMATIC IPC477D: All versions

SIMATIC IPC427E: All versions

SIMATIC IPC427D: All versions

SIMATIC HMI IPC677C: All versions

SIMATIC Field-PG M5: All versions

SIMATIC Field-PG M4: All versions

SIMATIC Field-PG M3: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can an attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU9392

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]

CVE-ID: CVE-2017-5711

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to multiple buffer overflows in Active Management Technology (AMT). A local attacker with access to the system can send a specially crafted request, trigger memory corruption, execute arbitrary code with AMT execution privileges and compromise the vulnerable system.

Mitigation

Workarounds are available on the vendor's website.

Vulnerable software versions

SIMOTION P320-4S: All versions

SINUMERIK PCU50.5-P: All versions

WINXP: All versions

WIN7: All versions

SINUMERIK PCU50.5-C: All versions

SIMATIC ITP1000: All versions

SIMATIC IPC847D: All versions

SIMATIC IPC847C: All versions

SIMATIC IPC827D: All versions

SIMATIC IPC827C: All versions

SIMATIC IPC677D: All versions

SIMATIC IPC647D: All versions

SIMATIC IPC647C: All versions

SIMATIC IPC627D: All versions

SIMATIC IPC627C: All versions

SIMATIC IPC547G: All versions

SIMATIC IPC547E: All versions

SIMATIC IPC547D: All versions

SIMATIC IPC477E: All versions

SIMATIC IPC477D PRO: All versions

SIMATIC IPC477D: All versions

SIMATIC IPC427E: All versions

SIMATIC IPC427D: All versions

SIMATIC HMI IPC677C: All versions

SIMATIC Field-PG M5: All versions

SIMATIC Field-PG M4: All versions

SIMATIC Field-PG M3: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can an attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU9391

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]

CVE-ID: CVE-2017-5708

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The weakness exists due to multiple buffer overflows in Active Management Technology (AMT). A local attacker with access to the system can send a specially crafted request, trigger memory corruption, execute arbitrary code with AMT execution privileges and compromise the vulnerable system.

Mitigation

Workarounds are available on the vendor's website.

Vulnerable software versions

SIMOTION P320-4S: All versions

SINUMERIK PCU50.5-P: All versions

WINXP: All versions

WIN7: All versions

SINUMERIK PCU50.5-C: All versions

SIMATIC ITP1000: All versions

SIMATIC IPC847D: All versions

SIMATIC IPC847C: All versions

SIMATIC IPC827D: All versions

SIMATIC IPC827C: All versions

SIMATIC IPC677D: All versions

SIMATIC IPC647D: All versions

SIMATIC IPC647C: All versions

SIMATIC IPC627D: All versions

SIMATIC IPC627C: All versions

SIMATIC IPC547G: All versions

SIMATIC IPC547E: All versions

SIMATIC IPC547D: All versions

SIMATIC IPC477E: All versions

SIMATIC IPC477D PRO: All versions

SIMATIC IPC477D: All versions

SIMATIC IPC427E: All versions

SIMATIC IPC427D: All versions

SIMATIC HMI IPC677C: All versions

SIMATIC Field-PG M5: All versions

SIMATIC Field-PG M4: All versions

SIMATIC Field-PG M3: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can an attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Privilege escalation

EUVDB-ID: #VU9389

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]

CVE-ID: CVE-2017-5709

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an unknown error. A local attacker can send a specially crafted request, gain elevated privileges and access privileged content.

Mitigation

Workarounds are available on the vendor's website.

Vulnerable software versions

SIMOTION P320-4S: All versions

SINUMERIK PCU50.5-P: All versions

WINXP: All versions

WIN7: All versions

SINUMERIK PCU50.5-C: All versions

SIMATIC ITP1000: All versions

SIMATIC IPC847D: All versions

SIMATIC IPC847C: All versions

SIMATIC IPC827D: All versions

SIMATIC IPC827C: All versions

SIMATIC IPC677D: All versions

SIMATIC IPC647D: All versions

SIMATIC IPC647C: All versions

SIMATIC IPC627D: All versions

SIMATIC IPC627C: All versions

SIMATIC IPC547G: All versions

SIMATIC IPC547E: All versions

SIMATIC IPC547D: All versions

SIMATIC IPC477E: All versions

SIMATIC IPC477D PRO: All versions

SIMATIC IPC477D: All versions

SIMATIC IPC427E: All versions

SIMATIC IPC427D: All versions

SIMATIC HMI IPC677C: All versions

SIMATIC Field-PG M5: All versions

SIMATIC Field-PG M4: All versions

SIMATIC Field-PG M3: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can an attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU10808

Risk: Low

CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:W/RC:C]

CVE-ID: CVE-2017-5710

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to multiple privilege escalations in the kernel. A remote attacker can run an unauthorized process to access privileged content via an unspecified vector.

Mitigation

Workarounds are available on the vendor's website.

Vulnerable software versions

SIMOTION P320-4S: All versions

SINUMERIK PCU50.5-P: All versions

WINXP: All versions

WIN7: All versions

SINUMERIK PCU50.5-C: All versions

SIMATIC ITP1000: All versions

SIMATIC IPC847D: All versions

SIMATIC IPC847C: All versions

SIMATIC IPC827D: All versions

SIMATIC IPC827C: All versions

SIMATIC IPC677D: All versions

SIMATIC IPC647D: All versions

SIMATIC IPC647C: All versions

SIMATIC IPC627D: All versions

SIMATIC IPC627C: All versions

SIMATIC IPC547G: All versions

SIMATIC IPC547E: All versions

SIMATIC IPC547D: All versions

SIMATIC IPC477E: All versions

SIMATIC IPC477D PRO: All versions

SIMATIC IPC477D: All versions

SIMATIC IPC427E: All versions

SIMATIC IPC427D: All versions

SIMATIC HMI IPC677C: All versions

SIMATIC Field-PG M5: All versions

SIMATIC Field-PG M4: All versions

SIMATIC Field-PG M3: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How can an attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
